[jbosstools-issues] [JBoss JIRA] (JBDS-4237) Generate CVE vulnerability report for devstudio

Generate CVE vulnerability report for devstudio ----------------------------------------------- Key: JBDS-4237 URL: https://issues.jboss.org/browse/JBDS-4237 Project: Red Hat JBoss Developer Studio (devstudio) Issue Type: Bug Components: build, versionwatch Affects Versions: 10.3.0.AM1 Reporter: Nick Boldt Assignee: Jeff MAURY Fix For: 10.x Attachments: Screenshot_2017-01-10_18-58-03.png, Screenshot_2017-01-10_19-04-45.png 0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip 1. download latest CI build update site zip, target platform zip, central zip, etc. 2. unpack update site zips 3. unpack dep-check zip 4. generate CVE report for each fetched zip: {code} ./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project devstudio_check -o WORKSPACE/path/to/report/folder/ {code} Should use https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for better reporting and maybe even enable this on every project job (once moved to CCI Jenkins).